Package impact

python PyPI / matrix-synapse

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2019-5885 high 8.0 4y ago Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers …
CVE-2020-26890 high 8.0 6y ago Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service atta…
CVE-2020-26891 high 8.0 6y ago AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Syn…
CVE-2026-45076 medium 5.5 21d ago Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full h…
CVE-2026-45078 medium 5.5 5.5 21d ago Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing o…
CVE-2021-41281 medium 5.5 5y ago Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a rem…
CVE-2021-39163 medium 5.5 5y ago Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if t…
CVE-2021-39164 medium 5.5 5y ago Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) o…
CVE-2021-29471 medium 5.5 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 "Push …
CVE-2020-26257 medium 5.5 6y ago Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed e…
CVE-2025-61672 unknown 8mo ago Synapse's invalid device keys degrade federation functionality
CVE-2025-30355 unknown 1y ago Synapse vulnerable to federation denial of service via malformed events
CVE-2024-53867 unknown 2y ago Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state ev…
CVE-2024-53863 unknown 2y ago Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
CVE-2024-52815 unknown 2y ago Synapse allows a malformed invite to break the invitee's `/sync`
CVE-2024-52805 unknown 2y ago Synapse allows unsupported content types to lead to memory exhaustion
CVE-2024-37303 unknown 2y ago Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homese…
CVE-2024-37302 unknown 2y ago Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amou…
CVE-2024-31208 unknown 2y ago Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakn…
CVE-2023-43796 unknown 3y ago Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote use…
CVE-2023-45129 unknown 3y ago Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanentl…
CVE-2023-42453 unknown 3y ago Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note tha…
CVE-2023-41335 unknown 3y ago Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. Whi…
CVE-2023-32683 unknown 3y ago Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server s…
CVE-2023-32682 unknown 3y ago Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This …
CVE-2023-32323 unknown 3y ago Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable …
CVE-2022-39374 unknown 3y ago Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can t…
CVE-2022-39335 unknown 3y ago Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. Thi…
CVE-2022-31152 unknown 4y ago Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/…
CVE-2022-31052 unknown 4y ago Synapse is an open source home server implementation for the Matrix chat network. In versions prior to 1.61.1 URL previews of some web pages can exhaust the available stack space for the Synapse proc…
CVE-2019-18835 unknown 4y ago Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected…
CVE-2019-11842 unknown 4y ago An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token…
CVE-2018-10657 unknown 4y ago Matrix Synapse DoS
CVE-2018-16515 unknown 4y ago Matrix Synapse Improper Signature Validation
CVE-2018-12423 unknown 4y ago Matrix Synapse Authorization Error
CVE-2018-12291 unknown 4y ago Matrix Synapse Security Filtering Flaw
CVE-2022-41952 unknown 4y ago Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated…
CVE-2021-21392 unknown 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 reques…
CVE-2021-21394 unknown 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synaps…
CVE-2021-21393 unknown 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synaps…
CVE-2021-21333 unknown 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the n…
CVE-2021-21332 unknown 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the p…
CVE-2021-21274 unknown 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a mal…
CVE-2021-21273 unknown 5y ago Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, reque…